Description
Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4.
Published: 2025-06-11
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Certain canvas operations in Mozilla Firefox can lead to memory corruption during the rendering of image data. The vulnerability arises when the browser attempts to write beyond allocated buffers, potentially allowing an attacker to overwrite process memory. While the description does not explicitly state the resulting payload, a memory corruption flaw of this nature is capable of enabling arbitrary code execution in the context of the browser. The weakness is classified as CWE‑787 and is rated with a CVSS score of 9.8, which reflects the potential for full compromise of the host system.

Affected Systems

Mozilla Firefox, all releases prior to 139.0.4 are affected, as the fix was introduced in that version. No further version qualifiers are provided, so any build before the patch likely remains vulnerable.

Risk and Exploitability

The EPSS score for this vulnerability is below one percent, indicating that exploitation attempts are expected to be rare. The issue is not listed in the CISA KEV catalog. However, the CVSS score of 9.8 signals that an exploit, if discovered, could yield complete system compromise. The likely attack vector involves a malicious web page that manipulates canvas content, as the flaw is triggered during rendering. While exploitation probability is low, the high impact warrants prompt action.

Generated by OpenCVE AI on April 20, 2026 at 17:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Firefox to version 139.0.4 or later.
  • If updating immediately is not possible, configure the browser to block canvas element usage by setting the appropriate policy or using a content security policy that restricts canvas.
  • Monitor for any unexpected memory corruption or application crashes during web browsing, especially when accessing sites that render complex graphics.

Generated by OpenCVE AI on April 20, 2026 at 17:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-18101 Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4. Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4.
Title Memory corruption in canvas surfaces

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00059}

 epss

{'score': 0.00065}

Mon, 16 Jun 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox

Wed, 11 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Jun 2025 12:15:00 +0000

Type Values Removed Values Added
Description Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:31:44.782Z

Reserved: 2025-06-09T20:17:23.292Z

Link: CVE-2025-49709

cve-icon Vulnrichment

Updated: 2025-06-11T13:30:30.594Z

cve-icon NVD

Status : Modified

Published: 2025-06-11T12:15:26.977

Modified: 2026-04-13T15:16:58.937

Link: CVE-2025-49709

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T17:15:12Z

Weaknesses